A buffer overflow was discovered in the AV1 video plugin for the
GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed media file
is opened.
The oldstable distribution (bullseye) is not affected.
It was reported that the BlueZ’s HID profile implementation is not
inline with the HID specification which mandates the use of Security
Mode 4. The HID profile configuration option ClassicBondedOnly now
defaults to “true” to make sure that input connections only come from
bonded device connections.
An important security issue was discovered in Chromium, which could result
in the execution of arbitrary code.
Google is aware that an exploit for CVE-2023-7024 exists in the wild.
